Profile Applicability:

  • Level 1


Description:

This control ensures that Amazon S3 Object Versioning is enabled for all critical and sensitive data buckets. Object Versioning protects against accidental or malicious deletion or overwriting of objects by maintaining multiple versions of each object in a bucket. Enabling versioning allows recovery of previous versions of objects and supports compliance with data retention and audit requirements.


Rationale:

Versioning helps ensure data durability, integrity, and recoverability in the event of:

  • Accidental overwrites or deletions by users or processes.

  • Application errors or malicious modifications.

  • Compliance or audit requirements mandating historical data retention.

When versioning is enabled, S3 preserves prior object versions, allowing administrators to restore data to a known good state easily. This improves resiliency, supports compliance, and enhances disaster recovery capabilities.


Impact:

  • Positive Impact:

    • Protects critical data from accidental loss or overwrites.

    • Enables easy recovery of deleted or modified files.

    • Supports compliance with regulatory and data retention requirements.

  • Negative Impact:

    • Increases S3 storage costs due to retention of multiple object versions.

    • Requires lifecycle management rules to prevent indefinite storage growth.


Default Value:

By default, S3 Object Versioning is disabled for all buckets. It must be explicitly enabled.


Pre-Requisite:

  • IAM permissions required:

    • s3:GetBucketVersioning

    • s3:PutBucketVersioning

  • Optional: Define lifecycle policies to manage older versions and reduce cost (e.g., automatically delete or transition versions to Glacier after a period).



Remediation

Test Plan

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon S3 → Buckets.

  3. Select a bucket.

  4. Go to the Properties tab.

  5. Scroll to Bucket Versioning.

  6. Verify the status:
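
The console check above can also be scripted against the GetBucketVersioning API. The Python below is an added example, not part of the original control text. The function names, the StubS3 class and its bucket names are constructed for illustration, and the `--live` path assumes boto3 is installed with credentials that allow s3:ListAllMyBuckets in addition to s3:GetBucketVersioning.

```python
def classify(resp):
    """Map a GetBucketVersioning response to (result, state)."""
    # S3 omits Status entirely when versioning was never configured,
    # so a missing key means the bucket is unversioned, not an error.
    status = resp.get("Status")
    if status == "Enabled":
        return "PASS", "Enabled"
    if status == "Suspended":
        return "FAIL", "Suspended"
    return "FAIL", "Disabled"


def audit(s3, buckets=None):
    """Return {bucket: (result, state)}; default scope is every bucket."""
    if buckets is None:
        buckets = [b["Name"] for b in s3.list_buckets()["Buckets"]]
    findings = {}
    for name in buckets:
        try:
            findings[name] = classify(s3.get_bucket_versioning(Bucket=name))
        except Exception as exc:  # e.g. access denied: report it, never assume a pass
            findings[name] = ("ERROR", type(exc).__name__)
    return findings


class StubS3:
    """Constructed sample responses so the example runs offline."""
    _data = {
        "prod-logs": {"Status": "Enabled", "MFADelete": "Disabled"},
        "legacy-exports": {"Status": "Suspended"},
        "scratch": {},  # versioning never configured
    }

    def list_buckets(self):
        return {"Buckets": [{"Name": n} for n in self._data]}

    def get_bucket_versioning(self, Bucket):
        return self._data[Bucket]


if __name__ == "__main__":
    import sys
    if "--live" in sys.argv:
        import boto3  # assumption: boto3 installed, credentials configured
        client = boto3.client("s3")
    else:
        client = StubS3()
    for bucket, (result, state) in audit(client).items():
        print(f"{result:5} {bucket}: {state}")
```

A Suspended bucket is reported as a failure because new writes no longer create versions, even though earlier versions remain. Pass an explicit bucket list to `audit` to limit the check to the critical and sensitive buckets this control covers.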


Implementation Plan

Using AWS Console:

  1. Navigate to Amazon S3 → Buckets.

  2. Select the desired bucket.

  3. Go to the Properties tab.

  4. Scroll to Bucket Versioning and click Edit.

  5. Choose Enable.

  6. Click Save changes.


Backout Plan

Using AWS Console:

  1. Navigate to Amazon S3 → Buckets → [Your Bucket] → Properties.

  2. Under Bucket Versioning, click Edit.

  3. Change the status to Suspend.

  4. Click Save changes.


References: